Splunk ITSI

Splunk ITSI configuration

DataOrg
Builder

I want to configure ITSI plugin to my splunk enterprise.

what are the steps to follow and what is the system requirements.
what all data will be needed to configure?

0 Karma
1 Solution

skoelpin
SplunkTrust
SplunkTrust

Have you tried looking at the Splunk docs that cover installation?

https://docs.splunk.com/Documentation/ITSI/3.1.1/IModules/ITSIModuleInstallationandDeployment

As for hardware specs, ITSI is very search heavy so you should first identify what services you want to use and how frequent they are going to run

View solution in original post

rajneeshc1981
Explorer

Has anyone deployed Itsi recently I need some info.

0 Karma

skoelpin
SplunkTrust
SplunkTrust

Yes.. I've deployed it many times. Why not create a new question and get help?

0 Karma

rajneeshc1981
Explorer

I have installed ITSI free instance from the website ,I want to know how to how to install componats in etc$ I don't know how to access it from GUI.

0 Karma

rajneeshc1981
Explorer

ok I just have access to spunk searched, how Cani deploy on it.

0 Karma

skoelpin
SplunkTrust
SplunkTrust

Open a new question..

0 Karma

PowerPacked
Builder

Hi @premranjithj

There are actually number of considerations to implement ITSI,

what is the system requirements ?
Java to be installed on search heads as Anomaly Detection & Notable Events require it.
Search Heads & Indexers to have good amount of RAM & CPU cores.
Search Heads to be higher in version > 6.5.
Forward Data from Search heads to indexers as ITSI data is stored in summary indexing.
refer this doc for deployment planning,
https://docs.splunk.com/Documentation/ITSI/3.1.1/Configure/DeploymentPlanning

what all data will be needed to configure?
You need to create Services and Entities.
You need to create KPI'S which runs in Services and on Entities, which are used to calculate the Service Health Score of these Services.
you can look at these series of docs to configure the Services, Entities & kpi's.
https://docs.splunk.com/Documentation/ITSI/3.1.1/Configure/CreateService

Thanks

skoelpin
SplunkTrust
SplunkTrust

Have you tried looking at the Splunk docs that cover installation?

https://docs.splunk.com/Documentation/ITSI/3.1.1/IModules/ITSIModuleInstallationandDeployment

As for hardware specs, ITSI is very search heavy so you should first identify what services you want to use and how frequent they are going to run

Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...